From patchwork Wed Mar 29 18:25:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anjali Kulkarni X-Patchwork-Id: 76761 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp608398vqo; Wed, 29 Mar 2023 11:29:13 -0700 (PDT) X-Google-Smtp-Source: AK7set/Yp0EYpr+eUxZ3hbSUoOczB0xnBTgyjb4f9MkQvpf9CVChm0bnsI1o1FMUChMP2DVr8MSY X-Received: by 2002:a05:6a20:1730:b0:d7:b09b:a723 with SMTP id bn48-20020a056a20173000b000d7b09ba723mr15798890pzb.8.1680114552718; Wed, 29 Mar 2023 11:29:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680114552; cv=none; d=google.com; s=arc-20160816; b=hsSuVmZA3BZAICyK/ART4Ja76FjwAct2rDF+pZaVOypseQNlpCSnvj9FiFYuuLV8jP SgPMltqry4EKGVl5JMnGwmebSGNKRr1BQR1K65iWNGbtqOFbBQfUygSCTJQ+q4OcMwNN 3Ip167uie0/OFV7Cr1bfkDScluhWfNxFsEE8m8U2GSBZxW+1S2YvozMBYVA0/C/t/ZY7 b5nhT/Jsm3X6ZcejfD1LMqVLZTjW6RYTXTBofCjP/ju1oz17alodzhkxuQeqhtUqjQMD yQySFVm7qk72aRfD/xTBj7ptDJUoG7Jclmn3b+3lEjFlT9YQM/6C4udgkrKSNHhvSwb2 Xl6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=AUT1ByPoWKUDPC9MsuUg7nclkH2RwGmVTERIFQiuttY=; b=WWPXghdwpC1UU8d64URSXhIT8kADJiH9Zkc4lPLkHFn5H0UfOz/48g/oulgLr5FNAf vhu034TFHxRwJ22mmEVGf+u77IRnBaXeGmWkfYbR1ubrgHwM9OW6DysqZX1W8f3yT48y tli9yzDpR/w06oJOmjn3Sz2opaY86IX87KqbDrC41e5+llCpCI0JtBKgCXbPhkYuvii9 /57RgMzLlSmqmcPq52ASKyjrAKmkcphjtD4EKs8ezkzXkXRK21yK9XDKXMNCLL86BVKJ TLaXlWw5zI8qSgWEchz+4V30D6QtLXGCABqziM/Hji96DesJumhHRDwt7IhuqGppbUP0 YnwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=MamQqG79; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h9-20020a631209000000b00502d825633asi30668335pgl.639.2023.03.29.11.29.00; Wed, 29 Mar 2023 11:29:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=MamQqG79; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229847AbjC2S0e (ORCPT + 99 others); Wed, 29 Mar 2023 14:26:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55014 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229684AbjC2S0T (ORCPT ); Wed, 29 Mar 2023 14:26:19 -0400 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15F556189; Wed, 29 Mar 2023 11:26:16 -0700 (PDT) Received: from pps.filterd (m0333521.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32TIP5sH005664; Wed, 29 Mar 2023 18:25:59 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2022-7-12; bh=AUT1ByPoWKUDPC9MsuUg7nclkH2RwGmVTERIFQiuttY=; b=MamQqG79ePMpvK3Sph0Wt7fK1e3hWlvRuHk9aD8G4j3UU9I0zUqDb3fx52+kDOa9nJXE KfoEWdwK2ZkMT17pS2OYzplQJwrmdRh1pZR/jYYiMv5q0pEvaJisTBRT5LU34Im8a6Lq 4MWGIft7B3sg9BkGbtH0JXSJOZJ/Fv1FhiRjLhOxFnjwzN9sx0REc3DKHGaWJgYRMLb/ U9I5tnyS8IHU/7W7h5g7E/pxIbqAmwp2lbWbJHid8ja6zZgTOJ11Is638Nb8IjayHGFN 9xYGLZgNZdWDLX0Jy8bDCPi9CWZ3cpjdCVI6ymh2y25h8euEX+bjA0MuCMFSJyxACARO ZA== Received: from iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta01.appoci.oracle.com [130.35.100.223]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3pmpc90wr9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 29 Mar 2023 18:25:59 +0000 Received: from pps.filterd (iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 32THPIAl010840; Wed, 29 Mar 2023 18:25:58 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3phqdera0c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 29 Mar 2023 18:25:58 +0000 Received: from iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32TIPQeF004473; Wed, 29 Mar 2023 18:25:57 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id 3phqder9hg-8; Wed, 29 Mar 2023 18:25:57 +0000 From: Anjali Kulkarni To: davem@davemloft.net Cc: edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, zbr@ioremap.net, brauner@kernel.org, johannes@sipsolutions.net, ecree.xilinx@gmail.com, leon@kernel.org, keescook@chromium.org, socketcan@hartkopp.net, petrm@nvidia.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, anjali.k.kulkarni@oracle.com Subject: [PATCH v3 7/7] connector/cn_proc: Allow non-root users access Date: Wed, 29 Mar 2023 11:25:43 -0700 Message-Id: <20230329182543.1161480-8-anjali.k.kulkarni@oracle.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20230329182543.1161480-1-anjali.k.kulkarni@oracle.com> References: <20230329182543.1161480-1-anjali.k.kulkarni@oracle.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-29_12,2023-03-28_02,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 malwarescore=0 suspectscore=0 mlxscore=0 mlxlogscore=999 spamscore=0 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2303290141 X-Proofpoint-GUID: d2dvtnhz1p_jJklz75Y_mwYSXNkp8cTy X-Proofpoint-ORIG-GUID: d2dvtnhz1p_jJklz75Y_mwYSXNkp8cTy X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1761727797074955859?= X-GMAIL-MSGID: =?utf-8?q?1761727797074955859?= There were a couple of reasons for not allowing non-root users access initially - one is there was some point no proper receive buffer management in place for netlink multicast. But that should be long fixed. See link below for more context. Second is that some of the messages may contain data that is root only. But this should be handled with a finer granularity, which is being done at the protocol layer. The only problematic protocols are nf_queue and the firewall netlink. Hence, this restriction for non-root access was relaxed for NETLINK_ROUTE initially: https://lore.kernel.org/all/20020612013101.A22399@wotan.suse.de/ This restriction has also been removed for following protocols: NETLINK_KOBJECT_UEVENT, NETLINK_AUDIT, NETLINK_SOCK_DIAG, NETLINK_GENERIC, NETLINK_SELINUX. Since process connector messages are not sensitive (process fork, exit notifications etc.), and anyone can read /proc data, we can allow non-root access here. However, since process event notification is not the only consumer of NETLINK_CONNECTOR, we can make this change even more fine grained than the protocol level, by checking for multicast group within the protocol. Set perm_groups for CN_IDX_PROC to 1 indicating it has non-root access. Reason we need this change is we cannot run our DB application as root. Signed-off-by: Anjali Kulkarni --- drivers/connector/cn_proc.c | 7 ------- drivers/connector/connector.c | 1 + 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c index 35bec1fd7ee0..046a8c1d8577 100644 --- a/drivers/connector/cn_proc.c +++ b/drivers/connector/cn_proc.c @@ -408,12 +408,6 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, !task_is_in_init_pid_ns(current)) return; - /* Can only change if privileged. */ - if (!__netlink_ns_capable(nsp, &init_user_ns, CAP_NET_ADMIN)) { - err = EPERM; - goto out; - } - if (msg->len == sizeof(*pinput)) { pinput = (struct proc_input *)msg->data; mc_op = pinput->mcast_op; @@ -460,7 +454,6 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, break; } -out: cn_proc_ack(err, msg->seq, msg->ack); } diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c index d1179df2b0ba..a9e5ed36732d 100644 --- a/drivers/connector/connector.c +++ b/drivers/connector/connector.c @@ -262,6 +262,7 @@ static int cn_init(void) .groups = CN_NETLINK_USERS + 0xf, .input = cn_rx_skb, .release = cn_release, + .perm_groups = 0x1, }; dev->nls = netlink_kernel_create(&init_net, NETLINK_CONNECTOR, &cfg);